Secunia
Login
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Forum Thread: Falso positive in ImageMagic
You are currently viewing a forum thread in the Secunia Community Forum. Please note that opinions expressed here are not of Secunia but solely reflect those of the user who wrote it.This thread was submitted in the following forum:
PSI
| macox | Falso positive in ImageMagic |
|---|---|
 |
25th Mar, 2012 10:40 |
|
Ranking: 1 Posts: 6 User Since: 25th Mar, 2012 System Score: N/A Location: LU |
The latest data update of Secunia PSI gives a warning about ImageMagic 6.7.6 and that an update to version 6.7.6-1 is needed. Alas, in the latest ImageMagic update, ImaneMagic did not update the internal file versions i the executables. So in spite of having the correct version 6.7.6-1 installed, PSI still thinks it is 6.7.6 because the subversion is nowhere declared in the files. The only way to detect the correct version would be on file dates (17/3/2012) |
| Maurice Joyce | RE: Falso positive in ImageMagic | ||||||||
|
25th Mar, 2012 11:07 | ||||||||
| Score: 10510 Posts: 8,072 User Since: 4th Jan 2009 System Score: 100% Location: UK |
This is a known error by the programme vendor not Secunia. See this thread: http://secunia.com/community/forum/thread/show/123... -- Maurice Windows 7 SP1 64 Bit OS HP Intel Pentium i7 IE 10 for Windows 7 16GB RAM |
||||||||
|
|||||||||
| macox | RE: Falso positive in ImageMagic | ||||||||
|
|
25th Mar, 2012 12:21 | ||||||||
| Score: 1 Posts: 6 User Since: 25th Mar 2012 System Score: N/A Location: LU |
I partly disagree. While it is bad practice of ImageMagic to not update the version string, it is nevertheless a Secunia bug to "require" a version string that is not used by the software vendor. Also, isn't Secunia able to use the other information from the vendor signature in the executable? After all, ImageMagic does also put the built date in the executable and that date is enough to clearly distinguish the bad and the good versions. | ||||||||
|
|||||||||
| Maurice Joyce | RE: Falso positive in ImageMagic | ||||||||
|
|
25th Mar, 2012 12:51 | ||||||||
| Score: 10510 Posts: 8,072 User Since: 4th Jan 2009 System Score: 100% Location: UK |
PSI reads metadata. From other threads U have posted to it is clear U have no idea how Secunia reads vendor data to scan & produce a user report. http://secunia.com/vulnerability_scanning/personal... If U consider there are others ways to accurately portray this detail where is the syntax? Secunia should not have to consider or make allowances for errors created by lazy vendors. -- Maurice Windows 7 SP1 64 Bit OS HP Intel Pentium i7 IE 10 for Windows 7 16GB RAM |
||||||||
|
|||||||||
